Influencing User’s Behavior Concerning Android Privacy Policy: An Overview

The wide-ranging implementation of Android applications used in various devices, from smartphones to intelligent television, has made it thought-provoking for developers. The permission granting mechanism is one of the defects imposed by the developers. Such assessing of defects does not allow the user to comprehend the implication of privacy for granting permission. Mobile applications are speedily easily reachable to typical users of mobile. Despite possible applications for improving the affordability, availability, and effectiveness of delivering various services, it handles sensitive data and information. Such data and information carry considerable security and privacy risks. Users are usually unaware of how the data can be managed and used. Reusable resources are available in the form of third-party libraries, which are broadly active in android apps. It provides a diversity of functions that deliver privacy and security concerns. Host applications and third-party libraries are run in the same process and share similar permissions. The current study has presented an overview of the existing approaches, methods, and tools used for influencing user behavior concerning android privacy policy. Various prominent libraries were searched, and their search results were analyzed briefly. The search results were presented in diverse perspectives for showing the details of the work done in the area. This will help researchers to offer new solutions in the area of the research.

Download Full-text

A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps

Empirical Software Engineering ◽

10.1007/s10664-020-09934-4 ◽

2021 ◽

Vol 26 (3) ◽

Author(s):

Majid Hatamian ◽

Samuel Wairimu ◽

Nurul Momen ◽

Lothar Fritsch

Keyword(s):

Time Pressure ◽

Security Analysis ◽

Security Requirements ◽

Security And Privacy ◽

Contact Tracing ◽

Privacy And Security ◽

Android Apps ◽

Dynamic Performances ◽

The Impact

AbstractAs this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.

Download Full-text

Privacy and Security Issues in Online Social Networks

Future Internet ◽

10.3390/fi10120114 ◽

2018 ◽

Vol 10 (12) ◽

pp. 114 ◽

Cited By ~ 14

Author(s):

Shaukat Ali ◽

Naveed Islam ◽

Azhar Rauf ◽

Ikram Din ◽

Mohsen Guizani ◽

...

Keyword(s):

Social Networks ◽

Online Social Networks ◽

Virtual Communities ◽

Service Providers ◽

Security And Privacy ◽

Security Issue ◽

Sensitive Data ◽

Privacy And Security ◽

Security Issues ◽

Social Sphere

The advent of online social networks (OSN) has transformed a common passive reader into a content contributor. It has allowed users to share information and exchange opinions, and also express themselves in online virtual communities to interact with other users of similar interests. However, OSN have turned the social sphere of users into the commercial sphere. This should create a privacy and security issue for OSN users. OSN service providers collect the private and sensitive data of their customers that can be misused by data collectors, third parties, or by unauthorized users. In this paper, common security and privacy issues are explained along with recommendations to OSN users to protect themselves from these issues whenever they use social media.

Download Full-text

Compliance and Regulatory Standards for Cloud Computing

Interdisciplinary Perspectives on Business Convergence, Computing, and Legality - Advances in E-Business Research ◽

10.4018/978-1-4666-4209-6.ch006 ◽

2013 ◽

pp. 54-64 ◽

Cited By ~ 3

Author(s):

Jitendra Singh ◽

Vikas Kumar

Keyword(s):

Cloud Computing ◽

Accounting Standards ◽

Third Party ◽

Sensitive Data ◽

Privacy And Security ◽

Regulatory Standards ◽

Security Standards ◽

Cloud Users

Cloud computing is expanding in reach, with its utility-based features and enhanced agility. Still, there is a big concern about the privacy and security of the data. Because of these concerns, third-party cloud users are employing the cloud only for less sensitive data, and the advantage of cloud computing is not fully harnessed. In order to ensure the privacy and security of data, proper compliance and regulatory standards become very important for the cloud domain. Although a number of such standards exist for the traditional computing, they must be modified for their wider adoption to the cloud platforms. This chapter considers the worldwide available standards in the technical and non-technical categories for wider coverage of the cloud platforms. In the technical category, security standards presently followed by cloud computing have been discussed, while in the non-technical category, privacy and accounting standards like HIPPA, SAS 70, GAPP, etc. have been considered.

Download Full-text

Locking it down

Canadian Pharmacists Journal / Revue des Pharmaciens du Canada ◽

10.1177/1715163516680226 ◽

2016 ◽

Vol 150 (1) ◽

pp. 60-66 ◽

Cited By ~ 8

Author(s):

Kelly Grindrod ◽

Jonathan Boersema ◽

Khrystine Waked ◽

Vivian Smith ◽

Jilan Yang ◽

...

Keyword(s):

Health Information ◽

Personal Information ◽

Medication Management ◽

Kappa Statistic ◽

Personal Health Information ◽

Third Party ◽

Personal Health ◽

Privacy And Security ◽

Standard Data ◽

Android Apps

Objective: To explore the privacy and security of free medication applications (apps) available to Canadian consumers. Methods: The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen’s Kappa statistic was used to measure interrater agreement. Results: Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Conclusion: Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps.

Download Full-text

Narcissism as a Predictor of Facebook Users' Privacy Concern, Vigilance, and Exposure to Risk

International Journal of Technology and Human Interaction ◽

10.4018/ijthi.2014040105 ◽

2014 ◽

Vol 10 (2) ◽

pp. 78-95 ◽

Cited By ~ 12

Author(s):

Karen Smith ◽

Francis Mendez ◽

Garry L. White

Keyword(s):

Security And Privacy ◽

Future Research ◽

Privacy Concern ◽

Privacy And Security ◽

Research Directions ◽

Security Breaches ◽

Future Research Directions ◽

Controlling Variables ◽

And Gender ◽

Privacy Risks

A model is developed and tested to explain the relationships among narcissism, privacy concern, vigilance, and exposure to risk on Facebook, with age and gender as controlling variables. Two important constructs are conceptualized and measured in this research. Facebook exposure is defined as the opportunity for privacy and security breaches on Facebook. Facebook vigilance is the extent to which consumers stay focused, attentive, and alert to potential security and privacy risks on Facebook by restricting who can access and post to their Facebook accounts. Data from a survey of 286 adult Facebook users in the U.S. support the hypothesized relationships in the model. Results suggest that narcissism is related to increased Facebook exposure and lower Facebook vigilance, despite greater stated concern for privacy and security. Furthermore, females and younger users have greater risk exposure compared to males and older users. Implications of the findings and future research directions are discussed.

Download Full-text

Culture and Consumer Trust in Online Businesses

Electronic Services ◽

10.4018/978-1-61520-967-5.ch087 ◽

2010 ◽

pp. 1402-1421

Author(s):

Robert Greenberg ◽

Bernard Wong-On-Wing ◽

Gladie Lui

Keyword(s):

Hong Kong ◽

Third Party ◽

Security And Privacy ◽

Consumer Trust ◽

Online Transactions ◽

Trust Formation ◽

Assurance Services ◽

Online Business ◽

Global Nature ◽

Privacy Risks

The importance of consumer trust to the success of online businesses is well documented in the literature. Given the global nature of online transactions, an important question is whether trust and trust formation differ across cultures. This study compared Hong Kong and U.S. consumer trust in online businesses. Specifically, the study examined security and privacy risks related to the purchase of products as well as services. The results show that significant differences exist between consumers from the two countries regarding the perceived level of online business risks and the formation of trust via the transference process. These findings reiterate and underscore the significance of including national culture in studies of trust in e-commerce. The results also have potential implications for online businesses as well as third party certification and assurance services.

Download Full-text

Security and Privacy of Online Social Network Applications

Social Network Engineering for Secure Web Data and Services ◽

10.4018/978-1-4666-3926-3.ch010 ◽

2013 ◽

pp. 206-221

Author(s):

Willem De Groef ◽

Dominique Devriese ◽

Tom Reynaert ◽

Frank Piessens

Keyword(s):

Social Network ◽

Social Networking Sites ◽

Online Social Network ◽

Third Party ◽

Security And Privacy ◽

Security Risks ◽

Privacy And Security ◽

Network Applications ◽

Recent Innovation ◽

Social Applications

An important recent innovation on social networking sites is the support for plugging in third-party social applications. Together with the ever-growing number of social network users, social applications come with privacy and security risks for those users. While basic mechanisms for isolating applications are well understood, these mechanisms fall short for social-enabled applications. It is an interesting challenge to design and develop application platforms for social networks that enable the necessary functionality of social applications without compromising both users’ security and privacy. This chapter will identify and discuss the current security and privacy problems related to social applications and their platforms. Next, it will zoom in on proposals on how to address those problems.

Download Full-text

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps

Proceedings on Privacy Enhancing Technologies ◽

10.2478/popets-2020-0050 ◽

2020 ◽

Vol 2020 (3) ◽

pp. 222-242 ◽

Cited By ~ 1

Author(s):

Catherine Han ◽

Irwin Reyes ◽

Álvaro Feal ◽

Joel Reardon ◽

Primal Wijesekera ◽

...

Keyword(s):

Data Collection ◽

Dynamic Analysis ◽

Online Survey ◽

Mobile Apps ◽

Third Party ◽

Security And Privacy ◽

Consumer Privacy ◽

Static And Dynamic Analysis ◽

Android Apps ◽

Collection Practices

AbstractIt is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one thirdparty library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.

Download Full-text

Alexa, Who Am I Speaking To?: Understanding Users’ Ability to Identify Third-Party Apps on Amazon Alexa

ACM Transactions on Internet Technology ◽

10.1145/3446389 ◽

2022 ◽

Vol 22 (1) ◽

pp. 1-22

Author(s):

David Major ◽

Danny Yuxing Huang ◽

Marshini Chetty ◽

Nick Feamster

Keyword(s):

Internet Of Things ◽

User Interfaces ◽

Third Parties ◽

Third Party ◽

Security And Privacy ◽

Design Recommendations ◽

Design Standard ◽

Voice User ◽

Privacy Risks

Many Internet of Things devices have voice user interfaces. One of the most popular voice user interfaces is Amazon’s Alexa, which supports more than 50,000 third-party applications (“skills”). We study how Alexa’s integration of these skills may confuse users. Our survey of 237 participants found that users do not understand that skills are often operated by third parties, that they often confuse third-party skills with native Alexa functions, and that they are unaware of the functions that the native Alexa system supports. Surprisingly, users who interact with Alexa more frequently are more likely to conclude that a third-party skill is a native Alexa function. The potential for misunderstanding creates new security and privacy risks: attackers can develop third-party skills that operate without users’ knowledge or masquerade as native Alexa functions. To mitigate this threat, we make design recommendations to help users better distinguish native functionality and third-party skills, including audio and visual indicators of native and third-party contexts, as well as a consistent design standard to help users learn what functions are and are not possible on Alexa.

Download Full-text

Cloud State Surveillance

Web Services ◽

10.4018/978-1-5225-7501-6.ch099 ◽

2019 ◽

pp. 1917-1940

Author(s):

Sylvia Kierkegaard

Keyword(s):

Cloud Computing ◽

Data Transfer ◽

Third Party ◽

Sensitive Data ◽

Privacy And Security ◽

Business Information ◽

Legal Risks ◽

State Surveillance ◽

International Data ◽

Risk Insurance

Concerns about government snooping in the wake of revelations by whistle blower Edward Snowden have deterred enterprises and IT professionals from keeping sensitive data in the clouds. Moving towards cloud-based computing has emerged and has gained acceptance as a solution to the tasks related to the processing of information. However, cloud computing carries serious risks to business information. The questions around risk and compliance are still largely unknown and need to be ironed out. Cloud computing opens numerous legal, privacy, and security implications, such as copyright, data loss, destruction of data, identity theft, third-party contractual limitations, e-discovery, risk/insurance allocation, and jurisdictional issues. This chapter discusses the associated legal risks inherent in cloud computing, in particular the international data transfer between EU and non-EU states.

Download Full-text